Hi Stefan, Sorry to take so long to reply to this thread. Frankly, our team has been busy with Code Red response activities, and didn't catch the Cisco reference in your original post. We've set this up in the lab, and don't see the same issues. I've worked on a few UDP flood cases where the target server was definitely having problems, but the IOS gear was just fine; that was what we were using to troubleshoot the problem. Through traffic is what the box is designed to handle. I'd be interested to review your test configuration and topology; if this is a legitimate problem we'd certainly like to fix it as quickly as possible. Being a vendor, of course we'd really appreciate notification of problems such as this prior to public posting. Additionally, as we simply didn't see the reference to our products in your notification, we're a bit embarrassed by the time lag in our response. Thanks much, Lisa Napier Product Security Incident Response Team Cisco Systems At 03:48 PM 7/25/2001, Stefan Laudat wrote: > > Uh-huh. Tested it on Linux 2.2 and 2.4, can't confirm the problem. It > > would be pretty strange, btw, since it simply generates normal UDP packet, > > no black magic, really, and remote system, unless there's comast service > > running, politely responds with 'ICMP destination port unreachable', which > > is translated into 'Connection refused'. > >One extra thing I haven't underlined so well in my announce: cisco routers >(and as well as other ones maybe) start crawling even forwarding the flood not >being the target itself only. Looks like an UDP handling problem for me :( >I have managed to kill a 7513 Cisco Router with DCEF enabled and loads of >other speed hacks. Try it for yourself :) > >-- >Stefan Laudat >CCNA,CCAI >Senior Network Engineer >Allianz-Tiriac SA > >"Let's call it an accidental feature." > -- Larry Wall
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 18:27:15 PDT